All Politics is now Global

Tag Archives: Stuxnet

Cyber is the newest branch of warfare. Even in its baby stages, it has the potential to cripple the United States.

On the afternoon of Dec. 23, 2015, Ukrainian engineers from a Prykarpattya Oblenergo power station stared at a computer screen while the cursor progressed on its own across the monitor. The mouse on the table had not moved. But the cursor hovered over the station’s breakers, each one controlling power to thousands of Ukrainian citizens. Then, one mouse click at a time, the hackers now in control of the power station began shutting off power to hundreds of thousands of Ukrainians.

At the same time, Kyivoblenergo employees watched as dozens of substations shut down, one by one. In their case, there was no phantom mouse. A computer on their network that they could not locate was being used by someone to shut down the power—and there was nothing they could do.

A soldier from the Army’s offensive cyber brigade during an exercise at Fort Lewis, Washington.

What if the next war starts, not with a gunshot, but with a tweet? As tensions rise, US troops discover their families’ names, faces, and home addresses have been posted on social media as they prepare to deploy, along with exhortations to kill the fascists/imperialists/infidels (pick one). Trolls call them late at night with death threats, a mentally ill lone wolf runs over a soldier’s children, fake news claims the military is covering up more deaths, and official social media accounts are hacked to post falsehoods. The whole force is distracted and demoralized.

Meanwhile, defense contractors discover the networks they use to deliver supplies to the military have been penetrated. Vital spare parts go missing without ever leaving the warehouse because the serial number saying which crate they’re in has been scrambled in the database. As railways and seaports prepare to transport heavy equipment, they discover key railroad switches, loading cranes, and other equipment – civilian-owned but vital to the military operation – now malfunction unpredictably, forcing prolonged safety inspections.

How did a country smaller than El Salvador with a population of eight million and few natural resources become a military superpower within a few decades?

In The Weapon Wizards: How Israel Became a High-Tech Military Superpower (St. Martin’s Press, 2017), authors Yaakov Katz and Amir Bohbot explain this remarkable phenomenon. Calling on their experience as Israel Defense Forces (IDF) veterans and seasoned national security analysts, they present an intriguing and engrossing account of Israel’s defense capabilities development. From a country lacking bullets and aircraft, Israel transformed itself into one of the most effective militaries in the world and the sixth-largest arms exporter globally. Today, Western powers, including the U.S., France, the UK, Russia and China, all come to Israel to learn and establish joint ventures.

After a four-year hiatus, Iran recently resumed destructive cyber attacks against Saudi Arabia in what U.S. officials say is part of a long-term strategy by Tehran to take over the oil-rich kingdom and regional U.S. ally.

Late last month, the Saudi government warned in a notice to telecommunications companies that an Iranian-origin malicious software called Shamoon had resurfaced in cyber attacks against some 15 Saudi organizations, including government networks.

In the latest startling revelation that the US and Russia are ever closer to a state of, if not “kinetic”, then certainly cyberwar, overnight NBC reported that U.S. military hackers had penetrated Russia’s electric grid, telecommunications networks and the Kremlin’s command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary. As noted earlier, American officials have long accused Russia, China and other nations of probing and leaving hidden malware on parts of U.S. critical infrastructure, “preparing the battlefield,” in military parlance, for cyber attacks that could turn out the lights or turn off the internet across major cities.

…

In any case, Russia responded to the report, and said that it expects Washington to provide an explanation if it is indeed true that Pentagon hackers have penetrated Russia’s power grids, telecommunications networks, and the Kremlin’s command systems for a possible sabotage.

The Stuxnet virus was about to make history. Transferred via USB into Iran’s Natanz uranium enrichment facility in mid-2009, the virus went to work, subtly tearing down the facility’s infrastructure. What made this historical was not its digital potency, but the fact that this virus impacted the physical, slowly wreaking havoc on the centrifuges, causing major delays to Iran’s nuclear program—precisely as Stuxnet’s creators had planned. The worm gradually increased pressure in the centrifuges, bemusing Iranian scientists and engineers. Under the increasing pressure, the centrifuges wore out quickly, forcing Tehran to replace them.

It was mid-2010 before Iran caught on and was able to tackle the virus. But then something happened. Something that Stuxnet’s creators didn’t plan for. A seed was planted in the minds of the Iranian elite: a plan to develop an Iranian cyber program capable of defending Iranian tech and attacking that of its enemies.

Indeed, our modern western financial and banking system with its massive dependency on single interface websites, servers and the internet faces serious risks that few analysts have yet to appreciate and evaluate. We previously referred to Russian Prime Minister Medvedev’s allusion to cyber warfare when he stated that Russia’s response to U.S. attempts to have it locked out of the SWIFT system “economically and otherwise – will know no limits.”

Dormant malware, apparently of Russian origin, had previously been discovered buried in the software that runs the Nasdaq stock exchange, according to Bloomberg.

Given that a military confrontation is not desired by Russia, it is likely that cyber-warfare will be part of the Russian arsenal in any confrontation with the U.S. and NATO countries.

Have you also ever wondered if those constant Windows ‘updates’ throughout the years were more than updates?

It’s also interesting to note that the researchers come from Kaspersky Lab, a Russian company headquartered in Moscow, which produces anti-virus software (and more) that millions of Americans use and trust.

Having said that, are the Russians infiltrating American citizens’ computers as well as ‘high value’ targets?

Kaspersky: ‘Equation Group’ attacked ‘high value targets’

America’s National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet and dating back at least 14 years, and possibly up to two decades, according to an analysis by Kaspersky Lab and subsequent reports.

…

The agency is said to have compromised hard drive firmware for more than a dozen top brands, including Seagate, Western Digital, IBM, Toshiba, Samsung and Maxtor, Kaspersky researchers revealed.

Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.

I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.

Another day, another cyber attack. What’s more alarming at the moment, however, isn’t clear:

The fact that the public is becoming callous after being constantly inundated by stories of another attack each day, thinking tomorrow will be the same as today.

The fact that the intelligence community is seemingly always behind on the extent of the damage or how deep America’s adversaries have actually penetrated.

The fact that nothing is done in retaliation when it’s a known fact who’s behind the attacks.

Perhaps the answer is D), all of the above. Sadly, much of the American public isn’t even aware of what’s happening or the threat it poses.

BOSTON (Reuters) – The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defence contractors, energy firms and educational institutions, according to a confidential agency document.

The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States.

The FBI’s confidential “Flash” report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

BOSTON (Reuters) – Iranian hackers have infiltrated major airlines, energy companies, and defense firms around the globe over the past two years in a campaign that could eventually cause physical damage, according to U.S. cyber security firm Cylance.

The report comes as governments scramble to better understand the extent of Iran’s cyber capabilities, which researchers say have grown rapidly as Tehran seeks to retaliate for Western cyber attacks on its nuclear program.

“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance said in an 87-page report on the hacking campaign released on Tuesday.

In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate.

WASHINGTON – U.S. and European energy companies have become the target of a “Dragonfly” virus out of Eastern Europe that goes after energy grids, major electricity generation firms, petroleum pipelines operators and energy industrial equipment providers.

Unearthed by the cyber security firm Symantec, Dragonfly has been in operation since at least 2011. Its malware software allows its operators to not only monitor in real time, but also disrupt and even sabotage wind turbines, gas pipelines and power plants – all with the click of a computer mouse.

The attacks have disrupted industrial control system equipment providers by installing the malware during downloaded updates for computers running the ICS equipment.

Iran’s semi-official Fars news agency “reveals” that Saudi Arabia and Israel’s Mossad are “co-conspiring to produce a computer worm more destructive than the Stuxnet malware to sabotage Iran’s nuclear program.” The report appeared Monday, Dec. 2, during Foreign Minister Javad Zarif’s tour of Arabian Gulf capitals, with the object of easing tensions between the emirates and Tehran. Riyadh was not on his itinerary.

…

The Iranian agency now claims that Saudi intelligence director Prince Bandar Bin Sultan and the head of Israel’s Mossad Tamir Pardo met in Vienna on Nov. 24, shortly after the six world powers signed their first interim nuclear agreement with Iran in Geneva.